The Hacker’s Dilemma: Applying Game Theory to the Hacker-Enterprise Relationship

In the article “Immunizing the Internet, OR: How I Learned to Stop Worrying and Love the Worm” (Harvard Law Review Volume 119, June 2006, Number 8), the authors argue that certain kinds of cybercrime should be treated differently from other crimes because of cultural features of the hacking community, and because of the net benefit to companies from minimally-harmful hacking. From the perspective of game theory, the relationship between hackers and enterprises is analogous to the classic Prisoner’s Dilemma game; analysis in terms of this scenario leads to strategic recommendations for policy-makers and enterprises to increase “benevolent” hacking. The results of this analysis support both the traditional law-enforcement solutions and the more lenient approach suggested by “Love the Worm”. The Prisoner’s Dilemma One of the classic strategic situations in game theory is called the Prisoner’s Dilemma. A short story motivates the game: Two criminals, Player 1 and Player 2, are accomplices in a bank robbery, and are later arrested. The police place them in separate rooms and offer them both the same plea-bargain deal, which is as follows. The police don’t have enough evidence to prosecute either prisoner for the bank robbery, but they can convict each of them on a lesser charge. However, if one prisoner will testify against the other, he will receive a reduced sentence, and his accomplice will be convicted on the greater charge. If both testify against each other, both will be convicted, though with a reduced sentence. Each player has to choose, independently,